code-reviewer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The SKILL.md file instructs users to run npm install and pip install -r requirements.txt, but the corresponding manifest files (package.json, requirements.txt) are missing from the skill, making the requested dependencies unverifiable.
  • [PROMPT_INJECTION] (INFO): The skill is designed to process untrusted project files, creating an Indirect Prompt Injection surface (Category 8). Evidence:
      1. Ingestion points: target argument in all scripts
      2. Boundary markers: Absent
      3. Capability inventory: Scripts are skeletons that currently only support local display and JSON report generation
      4. Sanitization: Absent
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 04:18 AM